Malware Analysis Report

2025-01-22 20:15

Sample ID 241019-xwg9cavfrk
Target 1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2
SHA256 1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2
Tags upx discovery ransomware
Score 9/10


Analysis Overview

Score 9/10

SHA256 1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2

Threat Level: Likely malicious

The file 1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5042) files with added filename extension

Renames multiple (3490) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-10-19 19:12

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 19:12

Reported

2024-10-19 19:14

Platform

win7-20240708-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2.exe"

Signatures

Renames multiple (3490) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2.exe

"C:\Users\Admin\AppData\Local\Temp\1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2.exe"

Network

N/A

Files

memory/2172-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 bea61fe452636c2bbb3f896d76e8c5a1
SHA1 ff8493d7578a76cd4b518c972fd59e49ae2973f0
SHA256 005663f3d547d7d3af1113c8ba3cf871bfed8a45b7b48bcfcb2fb4dd33ec664b
SHA512 939f8d7c5f0efb5839943166a08f8004e7eb1a771a4701f7301662235ee88674a59a7a1afaf42d2676c4b5cb145de8c5d99c38c95ab3250dc4fcd2db3098ad32

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b030dda463f6ca508e814445ace097b9
SHA1 3b8319ef098d83f7aaa0256e0eb4f9670bfa1ef0
SHA256 1b70d67cfaa759110793e8276784e05a4f68d92b60e3644af75afb18d4cb0b28
SHA512 c81a13b0423a19437bd32043900c2f6e4ed1d6a17dfaf7e153cad95403b303562b7c7ee2cbb7521765125e0acbca9531263eb7446ee159f5ba64400a76a83978

memory/2172-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 19:12

Reported

2024-10-19 19:14

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2.exe"

Signatures

Renames multiple (5042) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2.exe

"C:\Users\Admin\AppData\Local\Temp\1f90f4f2a7076d8fadc34f92fb11dfa868d685c26e95d4b259979aab654d2db2.exe"

Network

Country Destination Domain Proto

Files

memory/4800-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 ade838c62cf3daaba838d1fa31240fc8
SHA1 61b44b961ad3f44a56e301387063a754ee270622
SHA256 03803caa71e3418afdc62e16a3c901e7807f4e5efa031842895e4493c9ad6c0d
SHA512 37f11b5551ae2666520b2f5b1b8baa4348359de5d6b77d29bb0ef49fdb6789f54aa811939bdc15c7cba7ef5eaad9e7c732c9c94b1138663362a77d482fbf74d6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ec0320b1eeaf44b970e2a2bf59db4e3d
SHA1 b9f955b659170be5b5e8776e9cd3996a36cddad5
SHA256 e847180934d027d1dd12a7bf2be6c124205bb98136624dae2f17cad843868dbc
SHA512 5fc471663c73e056a10b586ca45106148e455e01d3c251f816f9151235a1000244e516ceb9a7aba85b7f27187c753da2d0b39330288dd2b2be16f65f4533c706

memory/4800-662-0x0000000000400000-0x000000000040B000-memory.dmp